Do I need to duplicate work I have already done to comply with the ISM Code?

No! You already conduct internal audits, perform management reviews and prepare for emergencies related safety; it makes sense to employ this knowledge and experience in complying with the ISPS Code. A word of warning though; your existing procedures and practices may need revising to fully meet the requirements of the ISPS Code. One important difference between the ISM and ISPS Codes is that the SSP requires formal approval. When you submit your SSP for approval it must be complete. Common ISM / ISPS procedures and contingency plans must be included if full. The SSP can not state “internal audits will be conducted in accordance with ISM Procedure XXX” unless the full procedure s included in the SSP.